Outsourcing some services could be risky
One DHS agency is outsourcing disaster recovery
- By Alice Lipowicz
- Sep 24, 2009
The Immigration and Customs Enforcement (ICE) agency recently issued a draft statement of work seeking a contractor to handle disaster preparations for the office of its chief information officer, and the move has raised eyebrows — and questions.
According to the statement, ICE is willing to pay as much as $25 million a year for services that include developing, building and maintaining plans and materials for a comprehensive disaster recovery organization that minimizes disruptions during disasters.
Separately, the Homeland Security Department's inspector general released an audit of disaster recovery planning for DHS’s headquarters complex in the District of Columbia, which does not include ICE’s headquarters. The public summary was only a single sentence; the rest was classified information.
Those events combine to form an unexpected picture: Disaster recovery planning is so sensitive that some agency leaders believe it should be classified, while others think it is suitable for handing off to outsiders.
However, the juxtaposition is not as unusual as it might appear.
“Unfortunately, it's not very strange at all,” said Steven Aftergood, director of the Federation of American Scientists’ secrecy project. “Outsourcing and classification seem to be primal instincts in many government agencies. Sometimes those steps are no doubt appropriate, but other times they are not. And in every case, they make public oversight and accountability more difficult, if not impossible."
While the effects of classifying information are clear, outsourcing also reduces oversight and accountability, he said. "The procedures that are used to hold government agencies accountable and transparent are often inadequate to deal with contractors," he said. "The Freedom of Information Act, the congressional budget justification process, and other oversight mechanisms are only indirectly applicable to contractors. Government agencies must answer to Congress, or suffer the consequences. But contractors answer above all to their contracting agencies. Public accountability takes second place at best."
Overall, disaster recovery planning across federal agencies is a hodgepodge, agreed Ray Bjorklund, senior vice president and chief knowledge officer of FedSources, a market research firm in McLean, Va.
“Disaster recovery planning is in the eye of the beholder,” Bjorklund said. “There is no overarching guidance that I have seen.”
Some agencies, such as DHS, make disaster planning a higher priority, while for others, it is a less critical issue, and the resulting variety of approaches can seem haphazard, Bjorklund said.
Classification also varies. “There can be a lot of reasons why one agency might classify something while another wouldn’t — a lot of it depends on their mission,” said Jena McNeill, homeland security policy analyst at the Heritage Foundation. Overall, she praised the efforts.
“Recovery plans are just as vital as prevention and response — I am glad they are thinking on this,” McNeill said.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.